Lieberman Demands Answers about Information Theft

Homeland Security and Governmental Affairs Committee Ranking Member Joe Lieberman, D-Conn., Thursday demanded answers about the theft of sensitive information belonging to 26.5 million veterans. A Veterans Affairs Department employee took the information home, in violation of Department rules. The information was later stolen. Lieberman demanded to know what was being done to track whether the information was being misused and what precautions were being put into place to prevent the same thing from happening again. Following is the statement he delivered at a joint hearing of the HSGAC and Veterans’ Affairs Committee:

Thank you, Senators Craig, Collins, and Akaka. Thank you for holding this hearing as quickly as we have so that we can get some answers about how this enormous security breach occurred in the first place and how we can quickly assist those veterans to whom we owe so much and who have been put at risk by the loss of this confidential information. The security of government computer systems and the vast databases contained within them is a subject we on the Homeland Security and Governmental Affairs Committee have been working on for some time. As information technology continues to advance by leaps and bounds, we must take equivalent leaps and bounds to protect against theft, misuse, and abuse of information brought together by that technology. At various times in our lives, we, the American people, are required to provide the government with all sorts of personal information as part of paying their taxes. We do so out of necessity. But we also provide it on a basis of trust. They will not feel comfortable sharing the information the federal government needs if the federal government cannot guarantee it is kept private and secure. This latest incident at the VA is just the latest reminder that the federal government generally, I have concluded, is not doing enough to guarantee that security. Three years ago, I asked the Government Accountability Office to assess and evaluate federal privacy protections. GAO looked into the privacy practices of 25 federal agencies and reported back that compliance was very uneven and that in nearly one third of cases when agencies disclosed personal information to non federal organizations, the agencies did not have procedures in place to ensure that the personal information disclosed was complete, accurate, relevant, and timely, as required by the Privacy Act. Last year, Senator Collins and I took the Transportation Security Administration to task for violating the privacy of thousands of commercial airline passengers when it collected and stored personal information about those passengers. Not only did TSA violate its own privacy policy, it also failed to meet the basic requirements of the Privacy Act, which is law. The VA security lapse is particularly infuriating because of the population of veterans that has been placed at risk. We are here today to get some answers. I want to know how a Department of Veterans Affairs employee was able to take this sensitive data home in violation of department regulations. I’d like to know why the Department failed to inform the FBI for two entire weeks after the theft? What can the VA and law enforcement agencies do to track whether any of the data is actually used against veterans, so that they can take further precautions? What steps are you taking to make sure that this never happens again? And more generally, can this type of security breach occur at other agencies where sensitive personal information is routinely stored and if so, what are we doing to prevent it? It is now up to you, Secretary Nicholson, and up to your Department, to help restore the American public’s trust in its Veteran’s Affairs Department, and in the ability of its government as a whole, to carry out its duties without jeopardizing personal and sensitive information the people of this great country have and gave to their government. As apart of that, I hope you will not shrink from holding accountable anyone who was responsible for this failure to protect the confidential information of millions of American veterans. Thank you.